How to manage permissions, use, expiry and unassigned machine credentials.
Published 7 August 2025
Once created, a machine credential has full permissions. If required, a principal authority or authorisation administrator can customise these permissions in the agency’s service.
Some agencies may have further requirements before machine credential permissions can be customised. Refer to the agency’s service for more information, for example ATO – Access Manager for business software users.
Principal authorities and authorisation administrators can use the 'History' function to view or export machine credential activities for a business, such as when a machine credential was created, claimed, revoked or suspended.
You can export up to 1,000 records at once. If there are more than 1,000 records, you’ll need to export multiple reports. Use the search and filter options, such as ‘actioned date’ and ‘actioned by’, to refine the list of machine credentials.
Ensure you regularly maintain machine credentials in RAM and revoke a machine credential immediately when it is no longer valid, for example when it is no longer being used or the user has left the business.
Once revoked, the machine credential cannot be used or reinstated.
When a principal authority or authorisation administrator removes the role or authorisation of a Machine credential administrator (MCA), the associated machine credential becomes unassigned. It will display as ‘Suspended’ in RAM but remain active for 60 days from the date of removal.
All other MCAs will receive a notification via email to claim the unassigned machine credential. If there are no other MCAs associated with the business, the principal authority will receive this email. Reminder emails will be sent at 30 days and 53 days. If a machine credential is not claimed within 60 days, the status will change to ‘Revoked’ and it can no longer be used.
A machine credential is valid for 2 years. The machine credential custodian (MCA or principal authority who created or claimed the credential) is notified via email at 60 days, 30 days and 7 days before expiry. If the custodian is no longer authorised, the other MCAs will be notified. Principal authorities will be notified if there are no MCAs for the business.
To ensure continued access, check if your software has a renewal function. If it doesn’t, create a new machine credential using the same credential name. You can do this at any time before the expiry date.
If you’re a digital service provider, you can incorporate a renewal function in your software.
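The unassigned and expiry timelines described above can be tracked against your own credential inventory. This is an added example, not RAM or agency code: the `Credential` record layout, the state labels and the handling of boundary days are assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

VALID_YEARS = 2               # page: a machine credential is valid for 2 years
EXPIRY_NOTICES = (60, 30, 7)  # page: custodian is emailed this many days before expiry
CLAIM_WINDOW = 60             # page: an unassigned credential stays active this long
CLAIM_REMINDERS = (30, 53)    # page: reminder emails, in days after the MCA is removed

@dataclass
class Credential:             # hypothetical record layout, not a RAM export format
    name: str
    created: date
    revoked: bool = False
    mca_removed: Optional[date] = None  # date the custodian's role was removed
    claimed: bool = False               # another MCA has since claimed it

def expiry(c):
    # Assumption: "2 years" is the same calendar day two years on (29 Feb -> 28 Feb).
    try:
        return c.created.replace(year=c.created.year + VALID_YEARS)
    except ValueError:
        return c.created.replace(year=c.created.year + VALID_YEARS, day=28)

def assess(c, today):
    """Return (state, usable, deadline, pending_emails); state labels are this example's."""
    exp = expiry(c)
    if c.revoked:
        return "revoked", False, None, []
    unassigned = c.mca_removed is not None and not c.claimed
    lapse = c.mca_removed + timedelta(days=CLAIM_WINDOW) if unassigned else None
    if unassigned and lapse <= min(today, exp):
        return "revoked", False, None, []   # never claimed: the status becomes Revoked
    if today >= exp:                        # assumption: unusable from the expiry date on
        return "expired", False, None, []
    if unassigned:
        # RAM shows this as 'Suspended', yet it still works until the window lapses.
        emails = [c.mca_removed + timedelta(days=d) for d in CLAIM_REMINDERS]
        return "unassigned", True, min(lapse, exp), [e for e in emails if e >= today]
    emails = [exp - timedelta(days=d) for d in EXPIRY_NOTICES]
    return "active", True, exp, [e for e in emails if e >= today]

def audit(inventory, today):
    """Usable credentials with a deadline, soonest first, for a periodic review."""
    rows = [(c.name, *assess(c, today)) for c in inventory]
    return sorted((r for r in rows if r[2]), key=lambda r: r[3])
```

An `unassigned` row in the `audit` output is a credential that displays as ‘Suspended’ but is still usable, so it is the first thing to claim or revoke during a review.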